Traffic from client to Malware DNS Trap IP address is not prevented
Symptoms
  • Traffic from the client to the bogus IP address is handled according to the Access Control policy, but not logged as "Prevented."

  • DNS queries for malware domains are detected, the response is replaced with the Malware DNS Trap IP, and the log entry carries the notification:
    "DNS response was replaced with a DNS trap bogus IP. See sk74060 for more information."

  • Client is not classified as "Infected Host" in reports.

  • Debug shows:

    ; [Date Time];[cpu_3];[fw4_0];1543930901:{policy} : malware_policy_get_action_by_confidence_level: confidence level unknow (0);
    ; [Date Time];[cpu_3];[fw4_0];1543930901:{policy} : malware_policy_get_engine_action_by_profile: malware_policy_get_action_by_confidence_level failed;
    ; [Date Time];[cpu_3];[fw4_0];1543930901:{policy} : malware_policy_get_action_by_profile_id: error. malware_policy_get_engine_action_by_profile() failed;

Cause

The confidence level of the malware is not used correctly when classifying the traffic from the client to the bogus IP (the debug output shows the confidence level arriving as "unknown (0)"). As a result, the traffic is handled only by the firewall Access Control policy instead of by Anti-Bot, so it is neither logged as "Prevented" nor used to classify the client as an "Infected Host".
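While the gateway is affected, the connections to the trap IP still appear in the logs, just not as "Prevented". The following added example (not part of the SecureKnowledge article or of any Check Point tool) shows how a defender can correlate the DNS trap notification with later connections to the trap IP and list the hosts that were not prevented; the log format, field names, timestamps and the trap IP are constructed assumptions, not Check Point's actual log schema.

```python
# Added example: find clients that reached the Malware DNS Trap IP without the
# gateway logging the connection as Prevent, and note whether a DNS trap
# notification for that client was seen first. Log format and field names
# (ts, src=, dst=, action=, msg=) are constructed assumptions.
import shlex

TRAP_IP = "198.51.100.1"   # assumed Malware DNS Trap bogus IP (placeholder)
TRAP_MSG = "DNS response was replaced with a DNS trap bogus IP"


def parse(line):
    """Parse one 'ts key=value ...' line into a dict; quoted values keep spaces."""
    tokens = shlex.split(line)
    if not tokens:
        return None
    rec = {"ts": tokens[0]}
    for tok in tokens[1:]:
        key, _, value = tok.partition("=")
        rec[key] = value
    return rec


def find_unprevented_hosts(lines):
    """Return {client: {"hits": n, "dns_trap_seen": bool}} for every client
    whose connection to TRAP_IP was logged with an action other than Prevent."""
    trapped = set()      # clients that received a replaced DNS response
    findings = {}
    for rec in filter(None, map(parse, lines)):
        if TRAP_MSG in rec.get("msg", ""):
            trapped.add(rec["src"])
        elif rec.get("dst") == TRAP_IP and rec.get("action", "").lower() != "prevent":
            entry = findings.setdefault(rec["src"], {"hits": 0, "dns_trap_seen": False})
            entry["hits"] += 1
            entry["dns_trap_seen"] = rec["src"] in trapped
    return findings


# Constructed sample log: one trapped client that is only Accepted, one client
# hitting the trap IP with no DNS trap event, and one correctly Prevented.
SAMPLE_LOG = [
    '2018-12-04T14:21:41Z src=10.1.1.5 dst=10.1.1.2 action=Detect '
    'msg="DNS response was replaced with a DNS trap bogus IP. See sk74060 for more information."',
    "2018-12-04T14:21:42Z src=10.1.1.5 dst=198.51.100.1 action=Accept",
    "2018-12-04T14:21:43Z src=10.1.1.7 dst=198.51.100.1 action=Accept",
    "2018-12-04T14:21:50Z src=10.1.1.9 dst=198.51.100.1 action=Prevent",
]

if __name__ == "__main__":
    for host, info in find_unprevented_hosts(SAMPLE_LOG).items():
        print(f"{host}: {info['hits']} unprevented hit(s), dns_trap_seen={info['dns_trap_seen']}")
```

Hosts listed with dns_trap_seen=True match the symptom described above and should be treated as infected even though the report does not classify them.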
Solution